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Final rejection 

1. Applicant's arguments/amendments with respect to the amended claims 1, 3, 5-8, 10-11, 
and 13, original claims 2, 4, 9, and 12, and added claims 14-20 have been considered but are 
moot in view of the new ground(s) of rejection. 

Claim Rejections - 35 USC § 102 

2. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

3. Claims 1-20 are rejected under 35 U.S.C. 102(b) as being anticipated by Heys, et al. "The 
Design of secure Block Ciphers", May 1994. 

As per claim 1, Heys teaches a method for cryptographically converting an input data block into 
an output data block; the method including performing: 

selecting a select permutation from a predetermined set of at least two permutations (page 
1 par. 1 & 5 and page 3 last paragraph); and 

performing a non-linear substitution operation on the input data block based on the select 
permutation (page 1 par. 1 & 5 and page 3 last paragraph). 
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As per claim 13 3 Hays teaches a system for cryptographically converting an input data block into 
an output data block; the system including: 

an input for receiving the input data block (page 3 last paragraph, page 5 first paragraph); 

a storage for storing a predetermined set of at least two permutations associated with an 
S-box (page 4 paragraph 8); 

a cryptographic processor for performing a non-linear operation on the input data block 
using an S-box based on a permutation (page 1 par. 1 & 5 and page 3 last paragraph); 

the processor being operative to, each time before using the S-box, (pseudo-)randomly 
selecting the permutation from the stored set of permutations associated with the S-box (page 1 
par. 1 & 5, page 2 par. 3, page 3 last paragraph, and page 6 par. 5-6); and 

an output for outputting the processed input data block (page 3 last paragraph). 

As per claim 14, Hays teaches a cryptographic encoder comprising: 
one or more encryption stages (page 4 par. 8-9), 
each stage of the one or more encryption stages including 

a non-linear substitution module that is configured to receive a control signal and 
a set of data bits (page 1 last paragraph), 

wherein the non-linear substitution module includes a plurality of substitution 
boxes (page 1 last paragraph); and 

each of the substitution boxes is configured to receive at least a subset of the 
control signal and a subset of the set of data bits (page 1 last paragraph), and: 
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substitutes a first output value for the subset of the set or data bits if the 
subset of the control signal is a first value (page 1 abstract & last paragraph, page 
2 par. 3, and page 3-4 No. IV), and 

substitutes a second output value for the subset of the set of data bits if the 
subset of the control signal is a second value (page 1 abstract & last paragraph, 
page 2 par. 3, and page 4-5 No. V). 

As per claim 2, Hays teaches a method, wherein the set of permutations is formed such that a 
cryptographic weakness in one of the permutations of the set is at least partially compensated by 
a corresponding cryptographic strength in at least one of the other permutations of the set (page 1 
abstract and page 3-4 No. IV). 

As per claim 3, Hays teaches a method, wherein 

the data block consists of n data bits (page 2 par. 3), and 

each permutation of the set of permutations is a set of 2. sup. n elements, represented by, 
where each non-trivial differential characteristic of each permutation in this set has a probability 
that is less than or equal to a maximum probability (page 3 last paragraph), 

the set of permutations being formed by permutations which have been selected such that 
for each non-trivial differential characteristic having the maximum probability in any of the 
permutations, this differential characteristic has a lower probability in at least one of the other 
permutations of the set (page 3 last paragraph and page 2-3 No. III). 
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As per claim 4, Hays teaches a method, wherein the differential characteristic has a probability 
equal to zero in at least one of the permutations (page 2-3 No. Ill and page 3 No. IV). 

As per claim 5, Hays teaches a method, wherein n=4, and the maximum probability equals l A 
(page 3 No. IV). 

As per claim 6, Hays teaches a method, wherein 

the data block consists of n data bits (page 2 par. 3), and 

each permutation of the set of permutations is a set of 2.sup.n elements, where each non- 
trivial linear characteristic of each permutation in this set has a probability of at least minimum 
probability and at most maximum probability (page 3 last paragraph), 

the set of permutations being formed by permutations which have been selected such that 
for each non-trivial linear characteristic with probability that equals the minimum or maximum 
probability in any of the permutations, this linear characteristic has a probability closer to 1/2 in 
at least one of the other permutations of the set (page 4 par. 1 5). 

As per claim 7, Hays teaches a method, wherein the linear characteristic has a probability equal 
to 1/2 in at least one of the permutations (page 4 par. 1 5). 

As per claim 8, Hays teaches a method, wherein n=4, the minimum probability is l A and the 
maximum probability is Va (page 3-4 No. IV). 
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As per claim 9, Hays teaches a method, wherein the set of permutations consists of two 
permutations (page 3-4 No. IV). 

As per claim 10, Hays teaches a method, wherein 

selecting the select permutation is based on an encryption key (page 1 abstract and last 
paragraph). 

As per claim 11, Hays teaches a method, wherein 

selecting the permutation is performed under control of a bit of an encryption key (page 2 

No. II). 

As per claim 15, Hays teaches the cryptographic encoder, wherein 

each stage of the one or more encryption stages further includes 

an addition module that is configured to combine at least a subset of a key 
with a data input to provide the set of data bits to the non-linear substitution module (page 1 
abstract and page II No. II). 

As per claim 16, Hays teaches the cryptographic encoder, wherein 

the control signal includes another subset of the key (page 2 par. 3). 

As per claim 1 7, Hays teaches the cryptographic encoder, wherein 

each stage of the one or more encryption stages further includes 

a transformation module that is configured to transform the output values from 
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the substitution boxes to provide therefrom an encrypted data output (page 3-4 No. IV). 

As per claim 1 8 5 Hays teaches the cryptographic encoder, wherein 

the second output value is formed such that a cryptographic weakness in the first value is 
at least partially compensated by a corresponding cryptographic strength in the second output 
value (page 1 abstract). 

As per claim 19, Hays teaches the cryptographic encoder, wherein 

the subset of the set of data bits consists of n data bits (page 2 par. 3), and 
each of the first and second data output values is a mapping of the subset of the set of 
data bits to an element of a set of 2 A n elements, where each non-trivial differential characteristic 
of each of the set of 2 A n elements of the first and second output values has a probability that is 
less than or equal to a maximum probability (page 3 last paragraph); 

the set of 2 A n elements that provide second data output value being selected such that for 
each non-trivial differential characteristic having the maximum probability in the set of 2 A n 
elements that provide the first output value, this differential characteristic has a lower probability 
in the set of 2 A n elements that provide second data output value (page 3 last paragraph and page 
2-3 No. III). 

As per claim 20, Hays teaches the cryptographic encoder, wherein 

the subset of the set of data bits consists of n data bits (page 2 par. 3), and 

each of the first and second data output values is a mapping of the subset of the set of 

data bits to an element of a set of 2 A n elements, where each non-trivial differential characteristic 
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of each of the set of 2 A n elements of the first and second output values has a probability that is at 
least a minimum probability and at most a maximum probability (page 3 last paragraph); 

the set of 2 A n elements that provide second data output value being selected such that for 
each non-trivial linear characteristic that equals the minimum or maximum probability in the set 
of 2 A n elements that provide the first output value, this linear characteristic has a probability 
closer to 1/2 in the set of 2 A n elements that provide second data output value (page 4 par. 15). 

4. Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

5. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Eleni A Shiferaw whose telephone number is 571-272-3867. The 
examiner can normally be reached on Mon-Fri 8:00am-5:00pm. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R Sheikh can be reached on 571-272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 





